11-02-2022 09:09 AM
We output Secure Endpoint events to our SIEM. I am seeing Cloud IOC events in the SIEM; however, upon review of the endpoint in Secure Endpoint, the IOC indicators are displayed. This appears to be true of low-criticality events. Also, when I attempt to view cloud IOC events, my only option is to download a CVE of the events, as they are not displayed in the console. The resulting Excel spreadsheet is incomplete.
11-14-2022 11:42 PM
Hi Davedog
Cloud IOC events will be available in Device Trajectory. You navigate to Device Trajectory by clicking
Dashboard --> Event --> Filter IOC in event type --> Click the Device Trajectory button next to the event Severity level --> now you can view the Cloud IOC in the trajectory System tab and event details. Kindly find the screenshot below as well for better understanding.
Kindly let me know if you have more queries about Cloud IOC information.
Regards
Arunkumar
11-16-2022 07:57 AM
Hello @Davedog ,
If the events shown in the console are different to what you see from the Event Stream, you might check with TAC if there are any issues. Does the issue still exist?
Greetings, Thorsten